c7bf44cd65bcf9c68fac21b0e657f9f37507718fabaf490991bb4fcb38b76b6f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 07:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a3656c2de7298414af4d00be18e74570N.exe
Size

54KB
MD5

a3656c2de7298414af4d00be18e74570
SHA1

476c6b4e6d6c907877f73a9c0176c1d998455245
SHA256

c7bf44cd65bcf9c68fac21b0e657f9f37507718fabaf490991bb4fcb38b76b6f
SHA512

c0373086543a72cb7a7c98c31973452732530294c6264fd96b2f8acb62da057b9b82c804b414186f4e29d9f07aa12fdf9624174df12a52889de14a11d9a05f74
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIC:CTWn1++PJHJXA/OsIZfzc3/Q8IZv2j

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3215) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2948-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012117-2.dat	upx
behavioral1/files/0x0002000000010667-6.dat	upx
behavioral1/memory/2948-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\MountOpen.xltx.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	a3656c2de7298414af4d00be18e74570N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	a3656c2de7298414af4d00be18e74570N.exe

C:\Users\Admin\AppData\Local\Temp\a3656c2de7298414af4d00be18e74570N.exe
"C:\Users\Admin\AppData\Local\Temp\a3656c2de7298414af4d00be18e74570N.exe"
1⤵
- Drops file in Program Files directory
PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp

Filesize
54KB

MD5
7633f7e17e7d0fcaa7cf836e0a6ae053

SHA1
e71af0110c7f3a4bc6224301cf54768be2bb4312

SHA256
94e1850116144ef5380e0f7819417a2c605dc0ea64b6b26be1f490738fdc18bd

SHA512
67032c15da8a6f0de364f0640c2dbd9c8eab3e039792c39012c8e97e51fc694182fe6e58b09ce5e513fd9224b27610504dddf9f9bbcb9b5398553041ed5b5f8f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
c3377c80389e156ea72aea8727ca1bba

SHA1
7cb6a7dd8a6b068d9372311bfc416c8c4ae8d787

SHA256
574a10592ca8ef5a19cf6d70dd6b66773a75cbbbbe3e9294af7f67c44e9734e8

SHA512
415fded7cf60ccbc2a719317af881e4e2ea92129e361b70d8df408c72501927787586006afe0258b7bd05469210c4ade6895e62dc058acd9f2eeab162e41f433

Download Submit
memory/2948-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2948-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads